Dec 23, 2016 - 5:59 a.m.

CVE-2016-9889

2016-12-23 05:59:00
CWE-79
web.nvd.nist.gov
Tags: cve-2016-9889, tiki wiki, cms, xss, vulnerability, security, nvd, parameter, input sanitized, geo_zoomlevel_to_found_location

CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.2 Medium
Confidence: High

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 45.4%

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don’t have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.

Affected configurations

NVD
Node (entries joined by OR)
Vendor | Product | Operator | Version
tiki | tikiwiki_cms\/groupware | Match | 12.0
tiki | tikiwiki_cms\/groupware | Match | 12.1
tiki | tikiwiki_cms\/groupware | Match | 12.2
tiki | tikiwiki_cms\/groupware | Match | 12.3
tiki | tikiwiki_cms\/groupware | Match | 12.4
tiki | tikiwiki_cms\/groupware | Match | 12.5
tiki | tikiwiki_cms\/groupware | Match | 12.6
tiki | tikiwiki_cms\/groupware | Match | 12.7
tiki | tikiwiki_cms\/groupware | Match | 12.8
tiki | tikiwiki_cms\/groupware | Match | 12.9 lts
tiki | tikiwiki_cms\/groupware | Match | 15.0
tiki | tikiwiki_cms\/groupware | Match | 15.1
tiki | tikiwiki_cms\/groupware | Match | 15.2
tiki | tikiwiki_cms\/groupware | Match | 16.0
